Security Mistakes

Learning Objectives

  • Recognize high-risk security mistakes in code.
  • Apply practical prevention techniques.
  • Build safer defaults in everyday development.

High-Risk Mistakes

  • Trusting unvalidated user input.
  • Building SQL with string concatenation.
  • Hardcoding passwords or tokens.
  • Missing authorization checks.

Prevention Basics

  • Validate input against an allow-list of expected formats at the boundary; encode output for the context it lands in rather than "sanitizing" on the way in.
  • Use parameterized queries so the SQL text is fixed and the data is passed separately.
  • Load secrets at runtime from environment variables or a secrets manager; never commit them to source.
  • Enforce access control on the server for every request; a hidden button or a client-side check is not authorization.

Practice Tasks

  1. Replace one raw SQL query with parameterized SQL.
  2. Remove hardcoded secrets from sample code.
  3. Add validation for all user-provided fields.
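The three practice tasks above, worked through together with the Prevention Basics list, as an added example that is not part of the original lesson. It runs offline against an in-memory SQLite table of constructed users, shows the vulnerable query beside the parameterized one, replaces a hardcoded token with a runtime lookup (the variable name APP_API_TOKEN and the username format are assumptions for the demo), and adds a server-side authorization check that denies by default.

```python
import os
import re
import sqlite3
from typing import Mapping, Optional


def make_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory users table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


# Mistakes 1 and 2: untrusted input concatenated straight into SQL.
# A payload such as  x' OR '1'='1  turns the WHERE clause into "always true".
def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


# Fix: a parameterized query. The SQL text never changes; the driver sends the
# value separately, so quotes in the input are just characters in a string.
def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Fix: allow-list validation at the boundary. The accepted format is an
# assumption for this demo; the point is to reject anything outside it.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def is_valid_username(username: str) -> bool:
    return USERNAME_RE.fullmatch(username) is not None


# Mistake 3: a hardcoded secret.
# API_TOKEN = "hunter2"   # lands in git history and every build artifact

# Fix: read the secret at runtime and fail closed if it is missing.
# APP_API_TOKEN is a variable name assumed for the demo.
def load_api_token(env: Optional[Mapping[str, str]] = None) -> str:
    env = os.environ if env is None else env
    token = env.get("APP_API_TOKEN")
    if not token:
        raise RuntimeError("APP_API_TOKEN is not set; refusing to start")
    return token


# Mistake 4: acting on a request without checking who is allowed to make it.
def delete_user_vulnerable(conn: sqlite3.Connection, target: str) -> bool:
    conn.execute("DELETE FROM users WHERE username = ?", (target,))
    return True


# Fix: the server looks up the caller's role itself and denies by default.
def delete_user_safe(conn: sqlite3.Connection, acting_user: str, target: str) -> bool:
    row = conn.execute(
        "SELECT role FROM users WHERE username = ?", (acting_user,)
    ).fetchone()
    if row is None or row[0] != "admin":
        return False
    conn.execute("DELETE FROM users WHERE username = ?", (target,))
    return True


def count_users(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]


if __name__ == "__main__":
    conn = make_db()
    payload = "x' OR '1'='1"  # constructed injection payload
    print("vulnerable:", find_user_vulnerable(conn, payload))  # both rows leak
    print("safe:", find_user_safe(conn, payload))  # []
    print("valid username?", is_valid_username(payload))  # False
    print("bob deletes alice:", delete_user_safe(conn, "bob", "alice"))  # False
    print("alice deletes bob:", delete_user_safe(conn, "alice", "bob"))  # True
```

Run it once with the vulnerable function and once with the safe one to see the difference: the concatenated query returns every row for the payload, while the parameterized query returns nothing because no username literally equals `x' OR '1'='1`. The validation step rejects the payload before it reaches either query, so the two controls back each other up.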

Summary

Most security bugs are avoidable with safe defaults.